21.6 Using SSL objects directly

The C objects SSL and SSL_CTX are represented in LispWorks by foreign pointers with type ssl-pointer and ssl-ctx-pointer, which correspond to the C types SSL* and SSL_CTX*. These foreign types should be used for any foreign function that takes or returns these C types, and must be used when passing a foreign pointer as the value of the :ssl-ctx argument.

Making SSL objects yourself gives you access to them for configuration and, especially in the case of the SSL_CTX, is a useful way to avoid repeated calls to the configuration routines, which may be time-consuming. For example, if we have defined a function configure-a-ctx, and we want to read once every 60 seconds from some URL, we can write:

(loop (with-open-stream
          (str (comm:open-tcp-stream some-url
                                     443 :ssl-ctx t
                                     :ctx-configure-callback 'configure-a-ctx))
        (read-something str))
      (sleep 60))

This will cause configure-a-ctx to be called each time. If it is expensive, we can call it only once by changing the code to:

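(let ((ctx (comm:make-ssl-ctx :ssl-side :client)))
  ;; Configure the SSL_CTX once and reuse it for every connection.
  (configure-a-ctx ctx)
  ;; The loop only ends through a non-local exit (an error or a throw),
  ;; so free the SSL_CTX in a cleanup form.
  (unwind-protect
      (loop (with-open-stream
                (str (comm:open-tcp-stream some-url
                                           443 :ssl-ctx ctx))
              (read-something str))
            (sleep 60))
    (comm:destroy-ssl-ctx ctx)))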

The SSL objects could be made either by make-ssl-ctx or ssl-new or by user code that calls the C functions SSL_CTX_new and SSL_new. destroy-ssl-ctx frees the SSL_CTX object. To free an SSL object you would call destroy-ssl. See the manual entries for full descriptions of these functions.